7 matches found
The vulnerability of the ParametersInterceptor class implementation in the Apache Struts software platform allows attackers to compromise the integrity of the protected information.
The vulnerability of the ParametersInterceptor class implementation in the Apache Struts software platform is related to insufficient validation of input data. Exploiting this vulnerability allows an attacker to manipulate the integrity of protected information by using a class parameter passed t...
The vulnerability in the implementation of the OGNL expression transformation class for XWork command structures on the Apache Struts software platform allows attackers to circumvent security restrictions and execute arbitrary commands.
The vulnerability of the OGNL expression transformation class implementation in the XWork expression structure of the Apache Struts software framework is related to deficiencies in access control when using the ParametersInterceptor class with the parameter. Exploiting this vulnerability allows a...
GHSA-WXW2-2MX5-C5QF Improper Input Validation in OpenSymphony XWork
ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict pound sign references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and...
GHSA-VRWC-QJMW-5RJM ClassLoader manipulation in Apache Struts
The ParametersInterceptor in Apache Struts before 2.3.16.2 allows remote attackers to "manipulate" the ClassLoader via the class parameter, which is passed to the getClass method...
VulnCheck KEV: CVE-2014-0112
ParametersInterceptor in Apache Struts before 2.3.20 does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for...
VulnCheck KEV: CVE-2014-0094
The ParametersInterceptor in Apache Struts before 2.3.16.2 allows remote attackers to "manipulate" the ClassLoader via the class parameter, which is passed to the getClass method...
Apache Struts2 S2-049 Denial of Service Vulnerability
Struts2 is an open-source web application framework based on the MVC design pattern and maintained by the Apache Software Foundation. The Apache Struts2 S2-049 denial of service vulnerability arises because Struts2 calls the Spring Security AOP proxy...